<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:podcast="https://podcastindex.org/namespace/1.0">
  <channel>
    <atom:link href="https://feeds.simplecast.com/Yq_emxG0" rel="self" title="MP3 Audio" type="application/atom+xml"/>
    <atom:link href="https://simplecast.superfeedr.com" rel="hub" xmlns="http://www.w3.org/2005/Atom"/>
    <generator>https://simplecast.com</generator>
    <title>The Watchtower</title>
    <description>Where cybersecurity, data, and AI leaders come to talk like humans - not headlines.

Hosted by former global CISO, Ash Hunt, every episode uncovers what’s really happening behind the boardroom slides and breach reports.

From insider stories of risk and resilience to honest takes on AI disruption, this is where leaders shaping the future of security drop the corporate filter and tell it straight.

Presented by Cyera. Produced by Mission.org.</description>
    <copyright>2026 The Watchtower</copyright>
    <language>en</language>
    <pubDate>Wed, 24 Jun 2026 09:00:00 +0000</pubDate>
    <lastBuildDate>Wed, 24 Jun 2026 09:00:13 +0000</lastBuildDate>
    <image>
      <link>https://the-watchtower.simplecast.com</link>
      <title>The Watchtower</title>
      <url>https://image.simplecastcdn.com/images/021681d1-f709-484c-bcbd-724e31176de5/db004b8c-8f0f-49e5-bb74-1f5eebe075a8/3000x3000/thewatchtertempthumbnail.jpg?aid=rss_feed</url>
    </image>
    <link>https://the-watchtower.simplecast.com</link>
    <itunes:type>episodic</itunes:type>
    <itunes:summary>Where cybersecurity, data, and AI leaders come to talk like humans - not headlines.

Hosted by former global CISO, Ash Hunt, every episode uncovers what’s really happening behind the boardroom slides and breach reports.

From insider stories of risk and resilience to honest takes on AI disruption, this is where leaders shaping the future of security drop the corporate filter and tell it straight.

Presented by Cyera. Produced by Mission.org.</itunes:summary>
    <itunes:author>Cyera</itunes:author>
    <itunes:explicit>false</itunes:explicit>
    <itunes:image href="https://image.simplecastcdn.com/images/021681d1-f709-484c-bcbd-724e31176de5/db004b8c-8f0f-49e5-bb74-1f5eebe075a8/3000x3000/thewatchtertempthumbnail.jpg?aid=rss_feed"/>
    <itunes:new-feed-url>https://feeds.simplecast.com/Yq_emxG0</itunes:new-feed-url>
    <itunes:owner>
      <itunes:name>Mission.org</itunes:name>
      <itunes:email>info@mission.org</itunes:email>
    </itunes:owner>
    <itunes:category text="Business">
      <itunes:category text="Management"/>
    </itunes:category>
    <itunes:category text="News">
      <itunes:category text="Business News"/>
    </itunes:category>
    <itunes:category text="Technology"/>
    <item>
      <guid isPermaLink="false">c5a78d76-9a5a-4b7f-a3d0-ddbb1d9440af</guid>
      <title>AI Doesn&apos;t Give Us Judgment</title>
      <description><![CDATA[<p>Is AI helping us make better decisions or just giving us more data to misinterpret?</p>
<p>In this episode of The Watchtower, Ash Hunt speaks with Tony Martin-Vegue, founder of NinetyFive Risk Advisory and author of <i>From Heat Maps to Histograms</i>, about cyber risk, decision-making, and the role of AI in risk analysis.</p>
<p>Tony explains why security teams often have more data than they realize, but still need the judgment to evaluate that data, understand its quality, and use it responsibly.</p>
<p> </p>
<p><strong>Highlights</strong></p>
<ul>
 <li>Why AI can supercharge risk analysis without replacing human judgment</li>
 <li>How LLM outputs should earn their way into a risk model</li>
 <li>Why red/yellow/green heat maps limit executive risk conversations</li>
 <li>How cyber risk quantification helps security leaders speak in business terms</li>
 <li>What cybersecurity can learn from meteorology, epidemiology, actuarial science, and financial risk management</li>
</ul>
<p> </p>
<p><strong>Connect</strong></p>
<p><a href="https://www.linkedin.com/in/tonymv/" rel="noopener noreferrer">Tony Martin-Vegue on LinkedIn</a></p>
<p><a href="https://www.95riskadvisory.com/" rel="noopener noreferrer">95 Risk Advisory</a></p>
<p> </p>
<p><strong>Chapters</strong></p>
<p>0:00 The judgment problem AI can't solve</p>
<p>1:24 From IT janitor to risk analyst with Tony Martin-Vegue</p>
<p>5:19 Explaining risk in dollars vs colors</p>
<p>9:35 Not enough data is not an excuse</p>
<p>13:50 The DBIR, data quality, and the 500-report flood</p>
<p>16:46 Industry reports or Twitter polls</p>
<p>17:39 Decision engineering: operating under uncertainty</p>
<p>20:35 The CISO's real job isn't stopping attacks</p>
<p>21:31 The most influential cybersecurity book</p>
<p>28:41 AI launders bias</p>
<p>31:49 Decision engineering at scale: agentic context across the business</p>
<p>39:43 Cyber risk math was invented by 18th-century gamblers</p>
<p>41:20 What cybersecurity needs to steal from other fields</p>
<p>43:44 Toyota, Taylorism, and why your heat map has to die</p>
<p>45:53 Where to find Tony and the book</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Wed, 24 Jun 2026 09:00:00 +0000</pubDate>
      <author>info@mission.org (Ash Hunt, Tony Martin-Vegue, NinetyFive Risk Advisory, Cyera, mission.org)</author>
      <link>https://the-watchtower.simplecast.com/episodes/ai-is-not-a-risk-model-3kkQSFSR</link>
      <content:encoded><![CDATA[<p>Is AI helping us make better decisions or just giving us more data to misinterpret?</p>
<p>In this episode of The Watchtower, Ash Hunt speaks with Tony Martin-Vegue, founder of NinetyFive Risk Advisory and author of <i>From Heat Maps to Histograms</i>, about cyber risk, decision-making, and the role of AI in risk analysis.</p>
<p>Tony explains why security teams often have more data than they realize, but still need the judgment to evaluate that data, understand its quality, and use it responsibly.</p>
<p> </p>
<p><strong>Highlights</strong></p>
<ul>
 <li>Why AI can supercharge risk analysis without replacing human judgment</li>
 <li>How LLM outputs should earn their way into a risk model</li>
 <li>Why red/yellow/green heat maps limit executive risk conversations</li>
 <li>How cyber risk quantification helps security leaders speak in business terms</li>
 <li>What cybersecurity can learn from meteorology, epidemiology, actuarial science, and financial risk management</li>
</ul>
<p> </p>
<p><strong>Connect</strong></p>
<p><a href="https://www.linkedin.com/in/tonymv/" rel="noopener noreferrer">Tony Martin-Vegue on LinkedIn</a></p>
<p><a href="https://www.95riskadvisory.com/" rel="noopener noreferrer">95 Risk Advisory</a></p>
<p> </p>
<p><strong>Chapters</strong></p>
<p>0:00 The judgment problem AI can't solve</p>
<p>1:24 From IT janitor to risk analyst with Tony Martin-Vegue</p>
<p>5:19 Explaining risk in dollars vs colors</p>
<p>9:35 Not enough data is not an excuse</p>
<p>13:50 The DBIR, data quality, and the 500-report flood</p>
<p>16:46 Industry reports or Twitter polls</p>
<p>17:39 Decision engineering: operating under uncertainty</p>
<p>20:35 The CISO's real job isn't stopping attacks</p>
<p>21:31 The most influential cybersecurity book</p>
<p>28:41 AI launders bias</p>
<p>31:49 Decision engineering at scale: agentic context across the business</p>
<p>39:43 Cyber risk math was invented by 18th-century gamblers</p>
<p>41:20 What cybersecurity needs to steal from other fields</p>
<p>43:44 Toyota, Taylorism, and why your heat map has to die</p>
<p>45:53 Where to find Tony and the book</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="50990489" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/5ac19f07-c0c9-4f77-9beb-deaf175b5550/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=5ac19f07-c0c9-4f77-9beb-deaf175b5550&amp;feed=Yq_emxG0"/>
      <itunes:title>AI Doesn&apos;t Give Us Judgment</itunes:title>
      <itunes:author>Ash Hunt, Tony Martin-Vegue, NinetyFive Risk Advisory, Cyera, mission.org</itunes:author>
      <itunes:duration>00:46:52</itunes:duration>
      <itunes:summary>Is AI helping us make better decisions or just giving us more data to misinterpret?</itunes:summary>
      <itunes:subtitle>Is AI helping us make better decisions or just giving us more data to misinterpret?</itunes:subtitle>
      <itunes:keywords>probabilistic risk analysis, from heatmaps to histograms, fair framework, monte carlo cybersecurity, ciso decision making, verizon dbir data quality, decision engineering, ai in cybersecurity risk, cyber risk quantification, tony martin-vegue, cognitive bias in security, cyentia institute</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>5</itunes:episode>
    </item>
    <item>
      <guid isPermaLink="false">6cfaf6aa-3833-47ea-93b3-43abde31abcb</guid>
      <title>When Identity Fails, The Business Stops</title>
      <description><![CDATA[<p>Identity is now the fabric that determines the viability of every business operation.</p>
<p>In this episode of The Watchtower, Ash Hunt talks with Valvoline CISO Corey Kaemming about how identity became the operational backbone of modern companies. As cloud, automation, and AI accelerate, identity failures don’t just create risk - they stop work entirely. They explore why identity decisions are now business decisions, how automation amplifies identity risk, and why CISOs are evolving from gatekeepers into service leaders responsible for keeping operations moving.</p>
<p> </p>
<p>Chapters</p>
<p>0:00 Identity Now Runs Everything (Corey Kaemming)</p>
<p>1:20 Why Identity Suddenly Matters More Than Ever</p>
<p>5:40 “Attackers Aren’t Breaking In… They’re Logging In”</p>
<p>9:30 Identity as the Backbone of Enterprise Operations</p>
<p>12:00 You Can’t Just “Turn On” AI in Security</p>
<p>17:00 Moving Beyond Passwords - What Users Actually Want</p>
<p>19:20 Why Identity Workflows Keep Breaking</p>
<p>23:10 When Identity Fails, the Business Stops</p>
<p>26:00 “If You Can’t Log In, Nothing Works”</p>
<p>29:10 Inside a Real Identity Transformation Program</p>
<p>34:50 Who Should Own Identity - Security or the Business?</p>
<p>41:30 Rethinking Hiring, Teams, and Identity Strategy</p>
<p>46:15 Identity Beyond Security</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Wed, 17 Jun 2026 09:00:00 +0000</pubDate>
      <author>info@mission.org (Ash Hunt, Cyera, mission.org, Valvoline, Corey Kaemming)</author>
      <link>https://the-watchtower.simplecast.com/episodes/when-identity-fails-the-business-stops-nkGwg6jX</link>
      <content:encoded><![CDATA[<p>Identity is now the fabric that determines the viability of every business operation.</p>
<p>In this episode of The Watchtower, Ash Hunt talks with Valvoline CISO Corey Kaemming about how identity became the operational backbone of modern companies. As cloud, automation, and AI accelerate, identity failures don’t just create risk - they stop work entirely. They explore why identity decisions are now business decisions, how automation amplifies identity risk, and why CISOs are evolving from gatekeepers into service leaders responsible for keeping operations moving.</p>
<p> </p>
<p>Chapters</p>
<p>0:00 Identity Now Runs Everything (Corey Kaemming)</p>
<p>1:20 Why Identity Suddenly Matters More Than Ever</p>
<p>5:40 “Attackers Aren’t Breaking In… They’re Logging In”</p>
<p>9:30 Identity as the Backbone of Enterprise Operations</p>
<p>12:00 You Can’t Just “Turn On” AI in Security</p>
<p>17:00 Moving Beyond Passwords - What Users Actually Want</p>
<p>19:20 Why Identity Workflows Keep Breaking</p>
<p>23:10 When Identity Fails, the Business Stops</p>
<p>26:00 “If You Can’t Log In, Nothing Works”</p>
<p>29:10 Inside a Real Identity Transformation Program</p>
<p>34:50 Who Should Own Identity - Security or the Business?</p>
<p>41:30 Rethinking Hiring, Teams, and Identity Strategy</p>
<p>46:15 Identity Beyond Security</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="50766172" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/a9ccbc55-2ec4-46a3-bde6-a0a61fe4d74d/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=a9ccbc55-2ec4-46a3-bde6-a0a61fe4d74d&amp;feed=Yq_emxG0"/>
      <itunes:title>When Identity Fails, The Business Stops</itunes:title>
      <itunes:author>Ash Hunt, Cyera, mission.org, Valvoline, Corey Kaemming</itunes:author>
      <itunes:duration>00:47:28</itunes:duration>
      <itunes:summary>Identity is now the operational system that determines if the business runs.</itunes:summary>
      <itunes:subtitle>Identity is now the operational system that determines if the business runs.</itunes:subtitle>
      <itunes:keywords>enterprise security, identity infrastructure, human in the loop, risk management, identity management, ai in security, identity governance, digital identity, access control, identity transformation, cybersecurity, zero trust, enterprise it, iam, identity and access management, security leadership, privileged access, ciso, authorization, authentication</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>4</itunes:episode>
    </item>
    <item>
      <guid isPermaLink="false">7aec716f-eb7d-4ce5-aca7-138a03b5c3b8</guid>
      <title>Are We Measuring the Right Things?</title>
      <description><![CDATA[<p>Security runs on metrics, but do those metrics reflect real risk?</p>
<p>In this episode of The Watchtower, Ash Hunt sits down with Wade Baker - co-founder of Cyentia Institute and longtime architect of the Verizon DBIR - to dismantle the cybersecurity metrics that feel right but consistently lead programs astray. They take down "average cost per breach," expose why MTTR makes security teams look great while 99% of their vulnerabilities sit untouched, and introduce the half-life metric that actually tracks risk. Plus: why metrics are weaponized more often than they're used, and how AI agents are (finally) democratizing rigorous risk quantification.</p>
<p> </p>
<p>Key Takeaways:</p>
<p>- Cost-per-data-record is a survey artifact — there's no linear correlation between breach cost and records lost</p>
<p>- MTTR only measures the vulnerabilities you remediate — so you can post a great MTTR while ignoring 99% of your environment</p>
<p>- Survival analysis / half-life is the better metric — it tracks burn-down against a defined finish line, not raw speed</p>
<p>- Think like a general, not a sniper: zero vulnerabilities is the wrong objective; the right 80% is</p>
<p>- Metrics are weaponized to justify budget more often than they're used to manage program effectiveness</p>
<p>- You don't need a stats PhD — AI agents are democratizing rigorous risk modeling</p>
<p> </p>
<p>Wade Baker on LinkedIn: https://www.linkedin.com/in/drwadebaker/</p>
<p>Cyentia Research: cyentia.com/research</p>
<p> </p>
<p>Chapters</p>
<p>00:00 Are we measuring the right things?</p>
<p>01:18 Which cybersecurity metrics are most misunderstood</p>
<p>02:48 The psychology of measuring what's easy</p>
<p>04:20 "We've got to measure something" — and the trap that creates</p>
<p>05:30 The real problem: security doesn't agree what "good" looks like</p>
<p>07:40 Sniper vs general: the thinking style CISOs need</p>
<p>09:28 Doing security things vs achieving security goals</p>
<p>10:25 The $215-per-record myth — and why it won't die</p>
<p>12:13 Metrics as weapons: the real reason the number survives</p>
<p>14:31 The needle-in-the-haystack reality of real breaches</p>
<p>15:45 Risk quantification was solved decades ago — in other industries</p>
<p>17:24 The MTTR indictment: measuring only what you fix</p>
<p>18:48 Survival analysis and the half-life metric</p>
<p>21:07 Fixed-speed decay: metrics as decision engineering</p>
<p>23:57 Event landscape vs threat landscape</p>
<p>27:19 AI agents as scenario-analysis partners</p>
<p>30:05 Democratizing risk modeling without a stats PhD</p>
<p>31:13 What security leaders should actually measure</p>
<p>34:15 Your metrics are not your boss's metrics</p>
<p>36:07 Data storytelling: testing a metric's "so what?"</p>
<p>37:03 What's next from Cyentia Institute</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Wed, 27 May 2026 09:00:00 +0000</pubDate>
      <author>info@mission.org (mission.org, Cyera, Ash Hunt, Cyentia Institute, Wade Baker)</author>
      <link>https://the-watchtower.simplecast.com/episodes/are-we-measuring-the-right-things-VOMoNt6C</link>
      <content:encoded><![CDATA[<p>Security runs on metrics, but do those metrics reflect real risk?</p>
<p>In this episode of The Watchtower, Ash Hunt sits down with Wade Baker - co-founder of Cyentia Institute and longtime architect of the Verizon DBIR - to dismantle the cybersecurity metrics that feel right but consistently lead programs astray. They take down "average cost per breach," expose why MTTR makes security teams look great while 99% of their vulnerabilities sit untouched, and introduce the half-life metric that actually tracks risk. Plus: why metrics are weaponized more often than they're used, and how AI agents are (finally) democratizing rigorous risk quantification.</p>
<p> </p>
<p>Key Takeaways:</p>
<p>- Cost-per-data-record is a survey artifact — there's no linear correlation between breach cost and records lost</p>
<p>- MTTR only measures the vulnerabilities you remediate — so you can post a great MTTR while ignoring 99% of your environment</p>
<p>- Survival analysis / half-life is the better metric — it tracks burn-down against a defined finish line, not raw speed</p>
<p>- Think like a general, not a sniper: zero vulnerabilities is the wrong objective; the right 80% is</p>
<p>- Metrics are weaponized to justify budget more often than they're used to manage program effectiveness</p>
<p>- You don't need a stats PhD — AI agents are democratizing rigorous risk modeling</p>
<p> </p>
<p>Wade Baker on LinkedIn: https://www.linkedin.com/in/drwadebaker/</p>
<p>Cyentia Research: cyentia.com/research</p>
<p> </p>
<p>Chapters</p>
<p>00:00 Are we measuring the right things?</p>
<p>01:18 Which cybersecurity metrics are most misunderstood</p>
<p>02:48 The psychology of measuring what's easy</p>
<p>04:20 "We've got to measure something" — and the trap that creates</p>
<p>05:30 The real problem: security doesn't agree what "good" looks like</p>
<p>07:40 Sniper vs general: the thinking style CISOs need</p>
<p>09:28 Doing security things vs achieving security goals</p>
<p>10:25 The $215-per-record myth — and why it won't die</p>
<p>12:13 Metrics as weapons: the real reason the number survives</p>
<p>14:31 The needle-in-the-haystack reality of real breaches</p>
<p>15:45 Risk quantification was solved decades ago — in other industries</p>
<p>17:24 The MTTR indictment: measuring only what you fix</p>
<p>18:48 Survival analysis and the half-life metric</p>
<p>21:07 Fixed-speed decay: metrics as decision engineering</p>
<p>23:57 Event landscape vs threat landscape</p>
<p>27:19 AI agents as scenario-analysis partners</p>
<p>30:05 Democratizing risk modeling without a stats PhD</p>
<p>31:13 What security leaders should actually measure</p>
<p>34:15 Your metrics are not your boss's metrics</p>
<p>36:07 Data storytelling: testing a metric's "so what?"</p>
<p>37:03 What's next from Cyentia Institute</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="48224697" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/d8c0993b-7787-4acb-9838-5f1f65757b77/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=d8c0993b-7787-4acb-9838-5f1f65757b77&amp;feed=Yq_emxG0"/>
      <itunes:title>Are We Measuring the Right Things?</itunes:title>
      <itunes:author>mission.org, Cyera, Ash Hunt, Cyentia Institute, Wade Baker</itunes:author>
      <itunes:duration>00:40:32</itunes:duration>
      <itunes:summary>Security runs on metrics, but do those metrics reflect real risk?</itunes:summary>
      <itunes:subtitle>Security runs on metrics, but do those metrics reflect real risk?</itunes:subtitle>
      <itunes:keywords>enterprise security, iris report, ibm cost of a data breach, fair framework, vulnerability management, the watchtower, exposure management, decision engineering, cyera, mttr, ponemon, cyber risk, information risk insights studies, survival analysis, verizon dbir, ash hunt, half-life metric, mean time to remediate, doug hubbard, cost per breach, cisa, cyentia institute, wade baker, security measurement, cybersecurity metrics, risk quantification, ciso metrics</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>3</itunes:episode>
    </item>
    <item>
      <guid isPermaLink="false">4417de3a-ff4f-441c-9349-dc29a80694e9</guid>
      <title>What 1,000+ Breaches Taught This CISO About Preparedness</title>
      <description><![CDATA[<p>Are you just avoiding a breach? Or are you prepared for one?</p>
<p>Dan Bowden is the Global CISO at Marsh - the world's largest insurance broker - where he protects 90,000+ employees across 130+ countries while simultaneously seeing how organizations are evaluated after cyber incidents. In this episode, Dan breaks down how regulation, insurance, and real breach data are changing the standard for what "prepared" actually means in 2026.</p>
<p>Dan Bowden is a seasoned security leader with a background spanning military, healthcare, and banking before joining Marsh as joint Global CISO.</p>
<p>Key takeaways:</p>
<p>- Why the gap between governance documentation and crisis culture is where most organizations fail</p>
<p>- How to properly engage your cyber insurance broker as a consultative security partner, not a checkbox</p>
<p>- What Marsh's breach data actually shows about insured companies being targeted (spoiler: the myth is busted)</p>
<p>- Why MFA in 2026 should be baseline - and what carriers are asking about next</p>
<p>- How regulatory frameworks like NYDFS are shifting from descriptive to prescriptive requirements</p>
<p>Guest: Dan Bowden, Global CISO, Marsh</p>
<p>LinkedIn: linkedin.com/in/danbowden</p>
<p> </p>
<p>Chapters</p>
<p>0:00 Dan Bowden: Cybersecurity Is Not “Best Effort”</p>
<p>1:10 What a Global CISO Sees That Others Don’t</p>
<p>3:50 Why Companies Call Their Broker First During an Incident</p>
<p>5:03 What Real Incident Data Actually Teaches You</p>
<p>7:04 Rethinking Risk: Frequency vs Catastrophic Events</p>
<p>10:12 Why Cyber Risk Is Still Measured Wrong</p>
<p>11:39 Stop Letting the News Drive Your Security Strategy</p>
<p>14:32 Where Incident Response Actually Breaks Down</p>
<p>15:00 Governance vs Culture - What Really Happens in Crisis</p>
<p>18:03 How to Test Leadership Under Pressure</p>
<p>19:32 What Most Companies Get Wrong About Cyber Insurance</p>
<p>23:12 Cyber Insurance Is Bigger Than “Cyber”</p>
<p>24:11 Why Most Broker Relationships Fail</p>
<p>25:52 How Insurance Decisions Actually Get Made</p>
<p>27:53 Identity Is the Root of Most Attacks</p>
<p>29:46 MFA Is the Baseline - But Not the End</p>
<p>33:27 How Regulation Is Reshaping Security</p>
<p>37:52 Myth: Insurance Makes You a Target</p>
<p>41:31 The Future: Custom Cyber Insurance Models</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Wed, 13 May 2026 09:00:00 +0000</pubDate>
      <author>info@mission.org (mission.org, Cyera, Dan Bowden, Ash Hunt)</author>
      <link>https://the-watchtower.simplecast.com/episodes/what-1-000-breaches-taught-this-ciso-about-preparedness-DTkK42Xe</link>
      <content:encoded><![CDATA[<p>Are you just avoiding a breach? Or are you prepared for one?</p>
<p>Dan Bowden is the Global CISO at Marsh - the world's largest insurance broker - where he protects 90,000+ employees across 130+ countries while simultaneously seeing how organizations are evaluated after cyber incidents. In this episode, Dan breaks down how regulation, insurance, and real breach data are changing the standard for what "prepared" actually means in 2026.</p>
<p>Dan Bowden is a seasoned security leader with a background spanning military, healthcare, and banking before joining Marsh as joint Global CISO.</p>
<p>Key takeaways:</p>
<p>- Why the gap between governance documentation and crisis culture is where most organizations fail</p>
<p>- How to properly engage your cyber insurance broker as a consultative security partner, not a checkbox</p>
<p>- What Marsh's breach data actually shows about insured companies being targeted (spoiler: the myth is busted)</p>
<p>- Why MFA in 2026 should be baseline - and what carriers are asking about next</p>
<p>- How regulatory frameworks like NYDFS are shifting from descriptive to prescriptive requirements</p>
<p>Guest: Dan Bowden, Global CISO, Marsh</p>
<p>LinkedIn: linkedin.com/in/danbowden</p>
<p> </p>
<p>Chapters</p>
<p>0:00 Dan Bowden: Cybersecurity Is Not “Best Effort”</p>
<p>1:10 What a Global CISO Sees That Others Don’t</p>
<p>3:50 Why Companies Call Their Broker First During an Incident</p>
<p>5:03 What Real Incident Data Actually Teaches You</p>
<p>7:04 Rethinking Risk: Frequency vs Catastrophic Events</p>
<p>10:12 Why Cyber Risk Is Still Measured Wrong</p>
<p>11:39 Stop Letting the News Drive Your Security Strategy</p>
<p>14:32 Where Incident Response Actually Breaks Down</p>
<p>15:00 Governance vs Culture - What Really Happens in Crisis</p>
<p>18:03 How to Test Leadership Under Pressure</p>
<p>19:32 What Most Companies Get Wrong About Cyber Insurance</p>
<p>23:12 Cyber Insurance Is Bigger Than “Cyber”</p>
<p>24:11 Why Most Broker Relationships Fail</p>
<p>25:52 How Insurance Decisions Actually Get Made</p>
<p>27:53 Identity Is the Root of Most Attacks</p>
<p>29:46 MFA Is the Baseline - But Not the End</p>
<p>33:27 How Regulation Is Reshaping Security</p>
<p>37:52 Myth: Insurance Makes You a Target</p>
<p>41:31 The Future: Custom Cyber Insurance Models</p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="47113788" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/5e615114-040f-4be5-be06-2e6f501a8250/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=5e615114-040f-4be5-be06-2e6f501a8250&amp;feed=Yq_emxG0"/>
      <itunes:title>What 1,000+ Breaches Taught This CISO About Preparedness</itunes:title>
      <itunes:author>mission.org, Cyera, Dan Bowden, Ash Hunt</itunes:author>
      <itunes:duration>00:45:25</itunes:duration>
      <itunes:summary>Are you just avoiding a breach? Or are you prepared for one?</itunes:summary>
      <itunes:subtitle>Are you just avoiding a breach? Or are you prepared for one?</itunes:subtitle>
      <itunes:keywords>governance vs culture, cybersecurity leadership, marsh mclennan, insurance broker cybersecurity, service accounts, identity management, breach preparedness, dan bowden, cyberark, ciso accountability, tabletop exercises, cyber insurance myths, cyera, nis2, security controls, nydfs cybersecurity regulation, healthcare ransomware, incident response, quantitative risk assessment, cyber risk management, the watchtower podcast, dora compliance, cyber insurance application, mfa 2026, broker relationship, cyber insurance</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>2</itunes:episode>
    </item>
    <item>
      <guid isPermaLink="false">5955d2a1-e984-4085-90a8-8ace885ff834</guid>
      <title>Has Cybersecurity Failed Us?</title>
      <description><![CDATA[<p>We’ve spent billions on cybersecurity. Why are the problems the same?</p>
<p>In the first episode of The Watchtower, <strong>Ash Hunt </strong>invites <strong>Jason Clark</strong>, CSO at Cyera, to dig into the hard truth that foundational security controls still fail in real environments. Together, they explore why identity and data remain unsolved, how rapidly changing enterprise tech has outpaced control design, and why AI is forcing the industry to rethink its entire foundation.</p>
<p>This episode is made possible by <strong>Cyera</strong>.</p>
<p>Chapters</p>
<p>0:00 Has Cybersecurity Failed?</p>
<p>1:22 Jason Clark - Security Built for Old Tech</p>
<p>2:48 Why Security Frameworks Keep Failing</p>
<p>4:58 The Pattern - We Can’t Keep Up - iPhone, Cloud, AI Adoption</p>
<p>7:47 Security Strategy Problem - No Data Visibility</p>
<p>10:02 Data and Identity Are Broken in Security</p>
<p>13:34 Identity Is a House of Cards</p>
<p>15:09 AI Will Break (or Fix) Cybersecurity</p>
<p>18:18 Rethinking Security - Systems and Data as Assets</p>
<p>20:39 Why Security Teams Clash with the Business</p>
<p>24:02 Why Risk Modeling Fails in Security</p>
<p>27:58 CISO Leadership Problem - No Business Influence</p>
<p>30:42 AI Adoption - Why Security Must Lead</p>
<p>33:17 The Future of Cybersecurity - Orchestrating Intelligence</p>
<p>34:07 Closing - What Comes Next</p>
<p> </p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Wed, 29 Apr 2026 09:00:00 +0000</pubDate>
      <author>info@mission.org (mission.org, Cyera, Ash Hunt, Jason Clark)</author>
      <link>https://the-watchtower.simplecast.com/episodes/has-cybersecurity-failed-us-YjiuEjfQ</link>
      <content:encoded><![CDATA[<p>We’ve spent billions on cybersecurity. Why are the problems the same?</p>
<p>In the first episode of The Watchtower, <strong>Ash Hunt </strong>invites <strong>Jason Clark</strong>, CSO at Cyera, to dig into the hard truth that foundational security controls still fail in real environments. Together, they explore why identity and data remain unsolved, how rapidly changing enterprise tech has outpaced control design, and why AI is forcing the industry to rethink its entire foundation.</p>
<p>This episode is made possible by <strong>Cyera</strong>.</p>
<p>Chapters</p>
<p>0:00 Has Cybersecurity Failed?</p>
<p>1:22 Jason Clark - Security Built for Old Tech</p>
<p>2:48 Why Security Frameworks Keep Failing</p>
<p>4:58 The Pattern - We Can’t Keep Up - iPhone, Cloud, AI Adoption</p>
<p>7:47 Security Strategy Problem - No Data Visibility</p>
<p>10:02 Data and Identity Are Broken in Security</p>
<p>13:34 Identity Is a House of Cards</p>
<p>15:09 AI Will Break (or Fix) Cybersecurity</p>
<p>18:18 Rethinking Security - Systems and Data as Assets</p>
<p>20:39 Why Security Teams Clash with the Business</p>
<p>24:02 Why Risk Modeling Fails in Security</p>
<p>27:58 CISO Leadership Problem - No Business Influence</p>
<p>30:42 AI Adoption - Why Security Must Lead</p>
<p>33:17 The Future of Cybersecurity - Orchestrating Intelligence</p>
<p>34:07 Closing - What Comes Next</p>
<p> </p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="43993424" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/0aa85923-0013-4028-9456-022af87eb830/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=0aa85923-0013-4028-9456-022af87eb830&amp;feed=Yq_emxG0"/>
      <itunes:title>Has Cybersecurity Failed Us?</itunes:title>
      <itunes:author>mission.org, Cyera, Ash Hunt, Jason Clark</itunes:author>
      <itunes:duration>00:34:42</itunes:duration>
      <itunes:summary>We’ve spent billions on cybersecurity. Why are the problems the same?</itunes:summary>
      <itunes:subtitle>We’ve spent billions on cybersecurity. Why are the problems the same?</itunes:subtitle>
      <itunes:keywords>enterprise security, data visibility, risk management, security strategy, cloud security, cybersecurity, ai security, data security, security leadership, ciso, identity security</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>1</itunes:episode>
    </item>
    <item>
      <guid isPermaLink="false">c7798cf3-f43d-4408-84c7-ba7a4259ca48</guid>
      <title>Welcome to The Watchtower</title>
      <description><![CDATA[<p>The systems we rely on weren’t built for the world we’re running today.</p>
<p>Welcome to The Watchtower.</p>
<p>The cybersecurity podcast exploring how identity, data, and behavior now control whether a business runs - or stops.</p>
<p>Hosted by former global CISO, Ash Hunt, The Watchtower pulls back the curtain on what’s actually happening behind dashboards - from fragile identity systems to the real impact of AI inside the business.</p>
<p>New episodes coming soon.</p>
<p> </p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></description>
      <pubDate>Tue, 14 Apr 2026 18:30:59 +0000</pubDate>
      <author>info@mission.org (mission.org, Cyera, Ash Hunt)</author>
      <link>https://the-watchtower.simplecast.com/episodes/welcome-to-the-watchtower-2B9wt6Jg</link>
      <content:encoded><![CDATA[<p>The systems we rely on weren’t built for the world we’re running today.</p>
<p>Welcome to The Watchtower.</p>
<p>The cybersecurity podcast exploring how identity, data, and behavior now control whether a business runs - or stops.</p>
<p>Hosted by former global CISO, Ash Hunt, The Watchtower pulls back the curtain on what’s actually happening behind dashboards - from fragile identity systems to the real impact of AI inside the business.</p>
<p>New episodes coming soon.</p>
<p> </p>
<p><p>Presented by Cyera. Produced by Mission.org.</p></p><br/> <p>Hosted by Simplecast, an AdsWizz company. See <a href="https://pcm.adswizz.com">pcm.adswizz.com</a> for information about our collection and use of personal data for advertising.</p>]]></content:encoded>
      <enclosure length="13509651" type="audio/mpeg" url="https://afp-941016-injected.calisto.simplecastaudio.com/c14a9ba8-7402-4495-8da0-b69e880afac4/episodes/79cfecd5-3bfb-40e4-a257-64fc0e24c2b7/audio/128/default.mp3?aid=rss_feed&amp;awCollectionId=c14a9ba8-7402-4495-8da0-b69e880afac4&amp;awEpisodeId=79cfecd5-3bfb-40e4-a257-64fc0e24c2b7&amp;feed=Yq_emxG0"/>
      <itunes:title>Welcome to The Watchtower</itunes:title>
      <itunes:author>mission.org, Cyera, Ash Hunt</itunes:author>
      <itunes:duration>00:01:44</itunes:duration>
      <itunes:summary>The systems we rely on weren’t built for the world we’re running today.</itunes:summary>
      <itunes:subtitle>The systems we rely on weren’t built for the world we’re running today.</itunes:subtitle>
      <itunes:keywords>enterprise risk, ciso insights, identity as infrastructure, cybersecurity, identity and access management, system failure, cyber risk management, cyber resilience, data security, security leadership, security operations, digital trust, identity security, ai in cybersecurity</itunes:keywords>
      <itunes:explicit>false</itunes:explicit>
      <itunes:episodeType>trailer</itunes:episodeType>
    </item>
  </channel>
</rss>